Thomas Lorünser

Practical quantum key distribution with polarization entangled photons

The paper reports on the entangled-state quantum cryptography system practical operation. The full key generation protocol was performed in real-time over a fiber bundle of 1.45 km length, installed for this experiment in the Vienna sewage system. The generated quantum key was immediately handed over and used by a secure communication application of order for remittance.

High-fidelity transmission of polarization encoded qubits from an entangled source over 100 km of fiber

We demonstrate non-degenerate down-conversion at 810 and 1550 nm for long-distance fiber based quantum communication using polarization entangled photon pairs. Measurements of the two-photon visibility, without dark count subtraction, have shown that the quantum correlations (raw visibility 89%) allow secure quantum cryptography after 100 km of non-zero dispersion shifted fiber using commercially available single photon detectors. In addition, quantum state tomography has revealed little degradation of state negativity, decreasing from 0.99 at the source to 0.93 after 100 km, indicating minimal loss in fidelity during the transmission.

A fully automated entanglement-based quantum cryptography system for telecom fiber networks

We present in this paper a quantum key distribution (QKD) system based on polarization entanglement for use in telecom fibers. A QKD exchange up to 50 km was demonstrated in the laboratory with a secure key rate of 550 bits s−1. The system is compact and portable with a fully automated start-up, and stabilization modules for polarization, synchronization and photon coupling allow hands-off operation. Stable and reliable key exchange in a deployed optical fiber of 16 km length was demonstrated. In this fiber network, we achieved over 2 weeks an automatic key generation with an average key rate of 2000 bits s−1 without manual intervention. During this period, the system had an average entanglement visibility of 93%, highlighting the technical level and stability achieved for entanglement-based quantum cryptography.

Towards a New Paradigm for Privacy and Security in Cloud Services

The market for cloud computing can be considered as the major growth area in ICT. However, big companies and public authorities are reluctant to entrust their most sensitive data to external parties for storage and processing. The reason for their hesitation is clear: There exist no satisfactory approaches to adequately protect the data during its lifetime in the cloud. The EU Project Prismacloud (Horizon 2020 programme; duration 2/2015–7/2018) addresses these challenges and yields a portfolio of novel technologies to build security enabled cloud services, guaranteeing the required security with the strongest notion possible, namely by means of cryptography. We present a new approach towards a next generation of security and privacy enabled services to be deployed in only partially trusted cloud infrastructures.

Fully-passive resiliency switch for agile PON restoration

We present a network recovery concept based on fully-passive inline demarcation nodes powered through energy scavenging at low optical feed level of -10dBm. Protection switching in 10.7 ms is experimentally demonstrated at the PON feeder.

Passive ROADM Flexibility in Optical Access With Spectral and Spatial Reconfigurability

An energy-aware solution for physical-layer reconfigurability in metro-access networks is presented. The dynamicity of optical switching is introduced in nodes that are perceived as fully-passive by the network. Energy scavenging at low optical feed level of -10dBm supports field-deployment without local electrical power supply. Two types of network nodes are demonstrated experimentally. First, a resilience node is evaluated for fast protection switching in 10.7 ms at the feeder segment. Optical switching is further exploited for the purpose of dynamic allocation of spectral slices and routing in a new class of reconfigurable optical add-drop multiplexer. The spectral bandwidth of drop segments can be extended on demand while intranetwork communication among different segments of the access network is also enabled. Finally, we discuss the potential for realizing self-powering by means of tapping optical signals traversing the access network rather than utilizing a dedicated pump source.

Security processor with quantum key distribution

We present a fully operable security gateway prototype, integrating quantum key distribution and realised as a system-on-chip. It is implemented on a field-programmable gate array and provides a virtual private network with low latency and gigabit throughput. The seamless hard- and software integration of a quantum key distribution layer enables high key-update rates for the encryption modules. Hence, the amount of data encrypted with one session key can be significantly decreased. We realise a highly modular architecture and make extensive use of software/hardware partitioning. This work is the first approach towards application of a new key distribution technology in dedicated security processors. In particular, it elaborates requirements for the integration of quantum key distribution on a chip level.

Batch-verifiable Secret Sharing with Unconditional Privacy.

We propose the first batch-verifiable secret sharing scheme with a significant security property, namely that of unconditional privacy. Verifiability and privacy of secret-shared messages are a crucial feature, e.g., in distributed computing scenarios, and verifiable secret sharing schemes with unconditional privacy (but without a batching feature) exist for a long time, e.g., Ben-Or, Goldwasser, and Wigderson (STOC 1988). Unfortunately, those schemes are able to verify only a single message at a time which, however, is not a very realistic scenario in a more practical setting. Namely, large files in real-world implementations are often split into many message blocks on a several-byte level and, thus, many known single-message verifiable secret sharing schemes tend to behave inefficiently in such a scenario. To improve practicability, batch-verifiable secret sharing was proposed by Bellare, Garay, and Rabin (ACM PODC 1996). In their scheme, the servers are able to verify a batch of messages (instead of only one) at almost the same amortized efficiency costs in comparison to efficient existing verifiable secret sharing schemes that only deal with single messages. However, the Bellare-GarayRabin scheme does not consider the important security property of unconditional privacy. Unconditionally private schemes information-theoretically guarantee privacy even against computationally unbounded adversaries and, hence, can be seen to be private in a long-term sense. In this work, we lift the Bellare-Garay-Rabin scheme to the unconditional privacy setting in a rigorous manner while preserving the practicability of their scheme simultaneously.

Cloud Security and Privacy by Design

In current cloud paradigms and models, security and privacy are typically treated as add-ons and are not adequately integrated as functions of the cloud systems. The EU Project Prismacloud (Horizon 2020 programme; duration 2/2015–7/2018) sets out to address this challenge and yields a portfolio of novel technologies to build security enabled cloud services, guaranteeing the required security by built-in strong cryptography.

RESPONSE TO "VULNERABILITY OF 'A NOVEL PROTOCOL-AUTHENTICATION ALGORITHM RULING OUT A MAN-IN-THE-MIDDLE ATTACK IN QUANTUM CRYPTOGRAPHY' "

In this work, we respond to a comment by A. Abidin and J.-A. Larsson on our previous paper, Int. J. Quant. Inf.3 (2005) 225.